diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2011-12-07 03:15:45 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-13 22:21:35 -0500 |
| commit | 04b8575c52410bb6d31e0e55f1cf431d7cc9c7c3 (patch) | |
| tree | 383c9e36b594493255d47b17396446e27d171473 /ipa-client | |
| parent | 3c2b0fc28ae21c7e4b26961e28e2eb0ba0559d29 (diff) | |
| download | freeipa-04b8575c52410bb6d31e0e55f1cf431d7cc9c7c3.tar.gz freeipa-04b8575c52410bb6d31e0e55f1cf431d7cc9c7c3.tar.xz freeipa-04b8575c52410bb6d31e0e55f1cf431d7cc9c7c3.zip | |
Add API initialization to ipa-client-install.
This change makes it possible to call IPA commands from ipa-client-install.
Done to support adding SSH host keys to DNS.
https://fedorahosted.org/freeipa/ticket/1634
Diffstat (limited to 'ipa-client')
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index f2f4973fb..170a009cf 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -39,6 +39,7 @@ try: from ipapython import version from ipapython import certmonger from ipapython.config import IPAOptionParser + from ipalib import api, errors import SSSDConfig from ConfigParser import RawConfigParser from optparse import SUPPRESS_HELP, OptionGroup @@ -786,7 +787,6 @@ CCACHE_FILE = "/etc/ipa/.dns_ccache" def update_dns(server, hostname): ip = resolve_ipaddress(server) - princ = 'host/%s' % hostname sub_dict = dict(HOSTNAME=hostname, IPADDRESS=ip, @@ -816,12 +816,6 @@ def update_dns(server, hostname): update_fd.close() try: - ipautil.run(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab', princ], - env={'KRB5CCNAME':CCACHE_FILE}) - except CalledProcessError, e: - print >>sys.stderr, "Failed to obtain host TGT." - - try: ipautil.run(['/usr/bin/nsupdate', '-g', UPDATE_FILE], env={'KRB5CCNAME':CCACHE_FILE}) print "DNS server record set to: %s -> %s" % (hostname, ip) @@ -830,7 +824,6 @@ def update_dns(server, hostname): try: os.remove(UPDATE_FILE) - os.remove(CCACHE_FILE) except: pass @@ -1123,6 +1116,13 @@ def install(options, env, fstore, statestore): configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server) print "Created /etc/ipa/default.conf" + api.bootstrap(context='cli_installer', debug=options.debug) + api.finalize() + if 'config_loaded' not in api.env: + print >>sys.stderr, "Failed to initialize IPA API." + return CLIENT_INSTALL_ERROR + api.Backend.xmlclient.connect() + # Always back up sssd.conf. It gets updated by authconfig --enablekrb5. fstore.backup_file("/etc/sssd/sssd.conf") if options.sssd: @@ -1142,10 +1142,21 @@ def install(options, env, fstore, statestore): print "Configured /etc/krb5.conf for IPA realm " + cli_realm - client_dns(cli_server, hostname, options.dns_updates) + os.environ['KRB5CCNAME'] = CCACHE_FILE + try: + ipautil.run(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab', 'host/%s' % hostname]) + except CalledProcessError, e: + print >>sys.stderr, "Failed to obtain host TGT." + if not options.on_master: + client_dns(cli_server, hostname, options.dns_updates) configure_certmonger(fstore, subject_base, cli_realm, hostname, options) + try: + os.remove(CCACHE_FILE) + except: + pass + #Name Server Caching Daemon. Disable for SSSD, use otherwise (if installed) nscd = ipaservices.knownservices.nscd if nscd.is_installed(): @@ -1306,3 +1317,8 @@ except KeyboardInterrupt: sys.exit(1) except RuntimeError, e: sys.exit(e) +finally: + try: + os.remove(CCACHE_FILE) + except: + pass |